Always disable mount and unmount for jails with enforce_statfs==2.

A working statfs(2) is required for umount(8) in jail.

Reviewed by:	pjd, kib
Approved by:	re (kib)
MFC after:	2 weeks

1 files changed, 7 insertions, 2 deletions

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 8ed913a..c5a2245 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -393,6 +393,9 @@ The
 .Xr lsvfs 1
 command can be used to find file system types available for mount from
 within a jail.
+This permission is effective only if
+.Va enforce_statfs
+is set to a value lower than 2.
 .It Va allow.quotas
 The prison root may administer quotas on the jail's filesystem(s).
 This includes filesystems that the jail may share with other jails or
@@ -746,9 +749,11 @@ It is not possible to
 or
 .Xr umount 8
 any file system inside a jail unless the file system is marked
-jail-friendly and the jail's
+jail-friendly, the jail's
 .Va allow.mount
-parameter is set.
+parameter is set and the jail's
+.Va enforce_statfs
+parameter is lower than 2.
 .Pp
 Multiple jails sharing the same file system can influence each other.
 For example a user in one jail can fill the file system also